Pages

Thursday, 21 August 2014

Spying the Internet: How the “Big 5” Do It!

By now it is well-known that spying the world’s servers for vulnerabilities and remote control as well as communication snooping is rampant and performed by major government intelligence agencies like NSA, GHCQ, etc. The big 5 – an alliance between U.S., Canada, U.K., New Zealand and Australia, performs it primarily. It is indeed a fascinating story as to how they do it and with what ease it is done, which by the way is shocking. Without wasting anymore time, let us dive deep in the process which can be murky and all the reasons for the why and how.

The “Five Eyes”

The "Five Eyes", often abbreviated as "FVEY", refer to an alliance comprising Australia, Canada, New Zealand, the U.K. and the U.S. and are bound by the multilateral UKUSA Agreement – which signifies a joint cooperation in signals intelligence. It all started after World War II when the allies formed ECHELON – a surveillance system developed by the FVEY to monitor Soviet Union and the Eastern Bloc in general during the cold war. Since that, it has increased in size and forms a supra-national system that does not abide by the laws of their countries as well as share surveillance data of their people and businesses among themselves which otherwise is banned.

Enter “Hacienda”

Many dream of systems that would scan the entire internet for vulnerabilities and exploit them – well such things are now possible. Hacienda is port scanning software that scans ports of all online servers for vulnerabilities and its primary goal being to exploit these to gain remote access and control. It was first uncovered in 2009 by HeiseOnline, which got hold of presentations about the software. Port scanning takes place via 3-way handshaking mechanisms of TCP/IP protocol stack and is quite convenient. It is now estimated that the software is powerful enough to scan the entire IPv4 address space within a few hours running on a single PC. Based on leaked evidences, it has been used to port scan on 27 countries whose actual identities could be revealed. Also, their port snooping involves all network protocols which are secured like HTTP, HTTPS, FTP, SSH and SNMP.

0-Day Attacks

An often used word, it implies attacking a system via an identified vulnerability before the security experts find out about it. Thus, one is basically defenseless as it happens. NSA relies heavily on such tactics and firewalls are useless in such cases as in mort probability, NSA has already infiltrated the local network.

With such information about wide-spread spying, port snooping and 0-day attacks, the revelations tell us about how vulnerable our networks are. Most of the surveillance is justified by “increased threats of terrorism on nations”; however, theydo not respect privacy and national laws. While the security principles are well understood, it is the poor implementation, an age-old IPv4 with security “bolted-on” rather inbuilt and vulnerable servers that lead to such surveillance apart from massive investment in resources for the task. It is indeed an eye-opener for most!